The Kelp DAO exploit: What exactly went wrong?
This past Saturday, Kelp, a liquid restaking protocol built on ETH, was the target of a $292 million drain.
The event sent shockwaves through DeFi ecosystems, with ripple effects felt across other platforms.
How did the hackers, believed to be North Korea's Lazarus Group, manage to pull off this heist?
What was the cause?
The root cause was Kelp's bridge, which relied on LayerZero's EndpointV2 as its cross-chain messaging system.
The hackers compromised two nodes within LayerZero's Decentralized Verifier Network (DVN), then used those to forge a cross-chain message and call the lzReceive function on Kelp's bridge, making it appear that rsETH had been burned on the source chain.
This enabled the hackers to "trick" Kelp's bridge into thinking a deposit transaction arrived from another network.
The bridge then released 116,500 rsETH directly to the hacker's address, with no collateral behind it.
Why were they able to do this?
The answer lies in the poor configuration of the LayerZero DVN setup.
Despite warnings from LayerZero themselves, Kelp ran a 1-of-1 DVN setup.
No backup DVNs were enabled.
Leaving the bridge's infrastructure unsecured led to this disastrous exploit, because that single DVN would blindly trust any signed message.
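The 1-of-1 condition described above can be caught by a configuration check before deployment. The following is an added example, not code from the original article, Kelp or LayerZero; the config shape (`required`, `optional`, `optionalThreshold`), the pathway names and the DVN identifiers are assumptions constructed for illustration.

```javascript
// Added example. Assumed model: every DVN in `required` must attest, plus at
// least `optionalThreshold` of the DVNs in `optional`. Field names, pathway
// names and DVN identifiers are constructed placeholders.

const norm = (list) => new Set((list || []).map((id) => id.toLowerCase()));

// Audit one pathway: how many distinct DVNs must an attacker control before a
// forged message is accepted, and is the config internally consistent?
function auditPathway(name, cfg, minDvns = 2) {
  const required = norm(cfg.required);
  const optional = norm(cfg.optional);
  const threshold = cfg.optionalThreshold || 0;
  const findings = [];

  if (required.size !== (cfg.required || []).length) {
    findings.push("duplicate entry in required DVNs");
  }
  if ([...optional].some((id) => required.has(id))) {
    findings.push("same DVN listed as required and optional");
  }
  if (threshold > optional.size) {
    findings.push("optional threshold exceeds number of optional DVNs");
  }
  const dvnsToForge = required.size + threshold;
  if (dvnsToForge < minDvns) {
    findings.push(`only ${dvnsToForge} DVN attestation(s) needed, minimum is ${minDvns}`);
  }
  return { pathway: name, dvnsToForge, ok: findings.length === 0, findings };
}

function auditAll(pathways, minDvns = 2) {
  return Object.entries(pathways).map(([name, cfg]) => auditPathway(name, cfg, minDvns));
}

// Constructed sample input, not taken from any real deployment.
const samplePathways = {
  "chain-a->chain-b": { required: ["0xDVN_A"], optional: [], optionalThreshold: 0 },
  "chain-a->chain-c": { required: ["0xDVN_A", "0xDVN_B"], optional: ["0xDVN_C", "0xDVN_D"], optionalThreshold: 1 },
  "chain-a->chain-d": { required: ["0xDVN_A", "0xdvn_a"], optional: [], optionalThreshold: 0 },
};

for (const r of auditAll(samplePathways)) {
  console.log(r.pathway, r.ok ? "OK" : "FAIL", r.findings.join("; "));
}
```

The third sample pathway shows why a raw count is not enough: two entries that resolve to the same DVN still leave a single verifier in control.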
The Aftermath
Wrapped rsETH depegged across 20+ chains and Kelp paused rsETH contracts on mainnet as well as across multiple L2s.
Multiple lending protocols, including Aave, SparkLend, and Fluid, froze all rsETH markets to prevent further borrowing.
According to Ask Messari, downstream asset losses are as follows:
Aave bad debt ➡️ $123.7M–$230.1M in unrecoverable losses
Aave TVL drop ➡️ ~$45.8B → ~$35.7B (roughly $10B loss on that protocol alone)
Broader DeFi TVL ➡️ Down $13B+ within 48 hours
AAVE token ➡️ Fell ~25%, dropping below $100 to a low of $87
WETH markets ➡️ Hit 100% utilization, triggering $6.2B in lender outflows
Since then, the following recovery actions have been taken:
🟢 Arbitrum Security Council froze ~30,766 ETH (~$71M) linked to the exploit
🟢 Kelp DAO suspended all rsETH contracts across mainnet + L2s
🟢 LayerZero banned 1/1 DVN configurations going forward
🟢 Kelp is weighing a 16% proportional loss socialization across all rsETH holders
What to take away from this
Code and configuration are incredibly important.
Disregarding a proper setup can have disastrous effects on your community and the platform itself.
All DeFi projects should view exploits as learning opportunities and take the time to review their code base to ensure they’re well-protected.
The slightest error could very well cause irreversible damage.
Practice due diligence and put safeguards in place.